10/14/2004 15:33 9723672008 YEE & ASSOCIATES PAGE 04/15 



IN THE CLAIMS:



1. (Currently Amended) A method of secure session management and authentication
between a web site and a web client, said web site having secure and non-secure web pages, said
method comprising the steps of:

a) utilizing a non-secure communication protocol and a session cookie when said web
client requests access to said non-secure web pages; and

b) utilizing a secure communication protocol and an authcode cookie when said web
client requests access to said secure web pages so that utilizations of said authcode cookie are
between utilizations of said session cookie and at least some utilizations of said
session cookie take place after utilizations of said authcode cookie.

2. (Currently Amended) The method of claim 1 , wherein said method also comprises the 
steps of: 

c) requesting said session cookie from said web client when whenever said web client
requests access to said non-secure web pages and verifying said requested session cookie; and 

d) requesting said authcode cookie from said web client when whenever said web client 
requests access to said secure web pages and verifying said requested authcode cookie. 

3. (Currently Amended) The method of claim 2, wherein said method [[also]] comprises
repeatedly alternating between said secure communication protocol and said non-secure
communication protocol[[,]] when said web client alternates requests for access to said secure
web pages and said non-secure web pages, respectively, and also repeatedly alternating between
said utilizations of said authcode and said utilizations of said session code.

4. (Original) The method of claim 3, wherein said alternating between said secure 
communication protocol and said non-secure communication protocol is facilitated by a table
which keeps track of said non-secure web pages and said secure web pages. 

5. (Original) The method of claim 4, wherein said web site uses said table to direct said
web client to use said secure communication protocol or said non-secure communication
protocol depending on whether said web client requests access to said non-secure web pages or 
said secure web pages. 

6. (Original) The method of claim 3, wherein said method also comprises allowing said 
web client to be a guest client or a registered client.

7. (Original) The method of claim 6, wherein said method also comprises creating stored 
information including data contained in said session cookie, data contained in said authcode 
cookie and data about said web client. 

8. (Original) The method of claim 7, wherein said session cookie includes a pointer and an 
encrypted portion, said pointer pointing to said stored information, said encrypted portion having 
a random portion and a date portion. 

9. (Original) The method of claim 7, wherein said authcode cookie includes an encrypted 
portion, said encrypted portion having a random portion and a date portion.

10. (Original) The method of claim 8, wherein verifying said requested session cookie from 
said web client includes using said stored information to generate a second session cookie and 
comparing said second session cookie to said session cookie requested from said web client. 

11. (Original) The method of claim 9, wherein verifying said requested authcode cookie
from said web client includes using said stored information to generate a second authcode cookie
and comparing said second authcode cookie to said authcode cookie requested from said web
client.

12. (Currently Amended) A system for secure session management and authentication
between a web site and a web client, said system comprising a web server, a web client and a
communication channel, said web server coupled to said web client via said communication
channel, said web server having a web site, said web site including: 

a) secure and non-secure web pages; 

b) a non-secure communication protocol and a session cookie that is used for allowing 
said web client access to each one of said non-secure web pages; and 

c) a secure communication protocol and an authcode cookie that is used for allowing said
web client access only to said secure web pages.

13. (Original) The system of claim 12, wherein said web site also includes:

d) verification means for verifying said session cookie when said session cookie is
requested from said web client; and

e) verification means for verifying said authcode cookie when said authcode cookie is
requested from said web client.

14. (Original) The system of claim 13, wherein said web server further comprises a security
alternating means for alternating between said secure communication protocol and said non- 
secure communication protocol. 

15. (Original) The system of claim 14, wherein said web server further comprises a table to 
keep track of said non-secure web pages and said secure web pages. 

16. (Original) The system of claim 13, wherein said web site includes access means to allow
said web client to access said web site as a guest client or a registered client. 

17. (Original) The system of claim 16, wherein said web system has storage means for
containing stored information about said web client, data contained in said session cookie and 
data contained in said authcode cookie. 

18. (Original) The system of claim 17, wherein said session cookie includes a pointer and an
encrypted portion, said pointer pointing to said stored information, said encrypted portion having
a random portion and a date portion. 

19. (Original) The system of claim 17, wherein said authcode cookie includes an encrypted
portion, said encrypted portion having a random portion and a date portion. 

20. (Currently Amended) A computer program embodied on a computer readable medium,
said computer program providing for secure session management and authentication between a 
web site and a web client, said web site having secure and non-secure web pages, said computer 
program adapted to: 

a) use a non-secure communication protocol and a session cookie when whenever said
web client requests access to said non-secure web pages; and 

b) use a secure communication protocol and an authcode cookie when whenever said web
client requests access to said secure web pages. 

21. (Original) The computer program of claim 20, wherein said computer program is further
adapted to: 

c) request said session cookie from said web client when said web client requests access 
to said non-secure web pages and to verify said requested session cookie; and 

d) request said authcode cookie from said web client when said web client requests 
access to said secure web pages and to verify said requested authcode cookie. 

22. (Original) The computer program of claim 21, wherein said computer program is further
adapted to alternate between said secure communication protocol and said non-secure 
communication protocol when said web client alternates requests for access to said secure web 
pages and said non-secure web pages. 

23. (Original) The computer program of claim 22, wherein said alternating between said
secure communication protocol and said non-secure communication protocol is facilitated by a
table which keeps track of said non-secure web pages and said secure web pages. 

24. (Original) The computer program of claim 23, wherein said computer program uses said
table to direct said web client to use said secure communication protocol or said non-secure 
communication protocol depending on whether said web client requests access to said non- 
secure web pages or said secure web pages. 



25. (Original) The computer program of claim 22, wherein said computer program is 
adapted to allow said web client to be a guest client or a registered client. 

26. (Original) The computer program of claim 25, wherein said computer program is 
adapted to create stored information including data contained in said session cookie, data 
contained in said authcode cookie and data about said web client. 

27. (Original) The computer program of claim 26, wherein said session cookie includes a
pointer and an encrypted portion, said pointer pointing to said stored information, said encrypted 
portion having a random portion and a date portion. 

28. (Original) The computer program of claim 26, wherein said authcode cookie includes an 
encrypted portion, said encrypted portion having a random portion and a date portion. 

29. (Original) The computer program of claim 27, wherein verifying said requested session 
cookie from said web client includes using said stored information to generate a second session 
cookie and comparing said second session cookie to said session cookie requested from said web 
client. 

30. (Original) The computer program of claim 28, wherein verifying said requested authcode 
cookie from said web client includes using said stored information to generate a second authcode 
cookie and comparing said second authcode cookie to said authcode cookie requested from said
web client.



31. (Currently Amended) [[A]] The computer program of Claim 20, wherein said computer
program is adapted to create for creating a NAME attribute in a session cookie, said computer
program comprising the steps of [[by]]:

a) generating a user_id;

b) generating a session_string;

c) generating a session_timestamp;

d) appending said session_timestamp to said session_string to create an intermediate
value;



e) applying a one way hash function to said intermediate value to create a final value; and 

f) storing said final value in said NAME attribute. 



32. (Cancelled) 

33. (Currently Amended) [[A]] The computer program of Claim 20, wherein said computer
program is adapted to create for creating a NAME attribute in an authcode cookie, said computer
program comprising the steps of by:

a) generating an authcode; 

b) generating an authcode_timestamp; 

c) appending said authcode_timestamp to said authcode to create an intermediate value; 

d) applying a one way hash function to said intermediate value to create a final value; and 

e) storing said final value in said NAME attribute. 

34. (Cancelled) 
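
The cookie-value steps recited in claims 31 and 33, combined with the regenerate-and-compare verification of claims 10, 11, 29 and 30, can be sketched as follows. This is an added example, not code from the application; SHA-256 as the one-way hash, the in-memory `STORE`, the `max_age` expiry check and all function names are assumptions.

```python
import hashlib
import hmac
import secrets
import time

# Assumption: an in-memory dict stands in for the server-side "stored information".
STORE = {}  # pointer -> {cookie kind -> (random string, timestamp)}


def final_value(random_part, timestamp):
    """Append the timestamp to the random string, then apply a one-way hash."""
    intermediate = f"{random_part}{timestamp}"
    # Assumption: SHA-256 is used; the claims only require "a one way hash function".
    return hashlib.sha256(intermediate.encode()).hexdigest()


def issue(kind, pointer, now=None):
    """Generate a cookie value and keep its inputs server-side for verification.

    kind is "session" (non-secure pages) or "authcode" (secure pages only);
    pointer identifies the client's stored record.
    """
    now = int(time.time()) if now is None else now
    random_part = secrets.token_hex(16)  # unpredictable session_string / authcode
    STORE.setdefault(pointer, {})[kind] = (random_part, now)
    return final_value(random_part, now)


def verify(kind, pointer, presented, max_age=1800, now=None):
    """Regenerate a second cookie from stored information and compare the two."""
    now = int(time.time()) if now is None else now
    record = STORE.get(pointer, {}).get(kind)
    if record is None:
        return False
    random_part, issued = record
    if now - issued > max_age:  # assumption: the date portion bounds cookie lifetime
        return False
    # Constant-time comparison of the regenerated and the presented value.
    return hmac.compare_digest(final_value(random_part, issued), presented)
```

Because the two cookies are derived from independent random strings, a session cookie observed over the non-secure protocol does not verify as an authcode cookie.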